Life at U Mobile
We are Passionate, Innovative, Trustworthy, Team-Oriented & Fun-Loving.
At U Mobile, we are always on the lookout for great talents and passionate individuals to join our growing team.
Let's start your journey with an award-winning organization!
#UnbeatableCareerAwaits
Top Reasons To Join Us!
- Awarded For
- Most Preferred Employers in Telecommunication Industry (2022, 2023 & 2024)
- Bronze Winner in Cross-Generational Workforce Engagement (2024)
- Gold Winner for Excellence in Workplace Culture (2021)
- Comprehensive medical, dental, optical and insurance benefits
- Flexi working hours arrangements
- Staff Line & Device Subsidy
- Smart Casual Attire
- Child Parental Care Leave
- Convenient location with access to public transport (Imbi Monorail/Bukit Bintang MRT)
- Special employee discounts for selected F&B Brands
Role
The Day-To-Day Activities
Vulnerability Management
- Own the end-to-end vulnerability scanning cycle for infrastructure, endpoints, network devices, containers, and cloud workloads (scheduled and ad hoc).
- Tune scanners, maintain asset groupings and credentialed scans, ensure coverage, and reduce false positives.
- Triage and validate findings, assign severity based on CVSS, exploitability, business impact, and asset criticality.
- Coordinate remediation with platform, network, and application teams; track SLAs and exceptions; escalate overdue items.
- Manage patch verification and re-scan cycles; maintain a risk-accepted backlog with documented compensating controls.
- Produce executive and operational reports (e.g., vulnerability backlog trend, Mean Time To Remediate, exposure by asset class).
- Integrate vulnerability data into SIEM/SOAR/GRC for correlation and workflow automation where possible.
Security Compliance & Assurance
- Plan and execute periodic compliance checks against internal security policies/standards and external frameworks (e.g., ISO/IEC 27001/2, NIST CSF, CIS Controls, PCI DSS, SOC 2, MAS/TRM/BNM-RMiT as applicable).
- Perform control testing, evidence collection, sample-based reviews, and gap analysis; document findings and remediation plans.
- Support internal/external audits and certification activities; coordinate with control owners for timely closure of audit observations.
- Maintain policy-to-control-to-evidence mapping in GRC tools; ensure versioning and traceability.
IT Security Posture Management
- Maintain and enhance security posture metrics (e.g., vulnerability exposure, hardening compliance, privileged access hygiene, endpoint protection coverage, configuration drift).
- Oversee configuration baseline compliance (e.g., CIS benchmarks) for servers, endpoints, databases, cloud services, and network devices.
- Contribute to secure configuration standards and review change requests for security impact.
- Support risk assessments (systems, projects, vendors) and embed posture checks into onboarding and change processes.
- Provide concise, actionable dashboards and briefings to leadership and technology stakeholders.
Collaboration & Governance
- Support vulnerability remediation forums with Technology owners; drive issue resolution and risk decisions.
- Work with AppSec, Cloud, IT Ops, and SOC/Threat Intelligence to prioritize remediation based on real-world threats and business context.
- Develop SOPs, runbooks, and playbooks; deliver awareness and training to technical teams.
About You
Required Qualifications & Experience
- Bachelor's degree in Computer Science, Information Security, Engineering, or equivalent experience.
- 58 years in information security with strong experience in vulnerability management and security compliance.
- Hands-on with enterprise vulnerability scanners (e.g., Tenable, Qualys, Rapid7), and experience with credentialed scanning.
- Solid understanding of OS, network, cloud (AWS/Azure/GCP), and container security fundamentals.
- Experience testing and evidencing controls against at least one framework (e.g., ISO 27001, NIST CSF, CIS, PCI DSS).
- Familiarity with SIEM/SOAR, EDR, MDM, CMDB/asset management, patch management, and GRC platforms.
Preferred Certifications
- Security: CISSP, CISM, Security+, CySA+
- Vulnerability/Blue Team: GMON, GCIH, GCDA, eJPT/eCPPT
- Cloud & Compliance: CCSP, Azure/AWS security certs, ISO 27001 Lead Implementer/Auditor, PCI ISA
Key Skills
- Strong analytical and risk-based prioritization skills; able to translate technical findings into business impact.
- Proficient in reporting and creating meaningful dashboards for both exec and technical audiences.
- Excellent stakeholder management, facilitation, and escalation handling.
- Scripting/automation (e.g., Python/PowerShell), API integrations for data extraction and workflow automation (bonus).
- Clear, concise communication and documentation.
#LA-RA1
What's Next Once you have applied online, our team will review your application and due to a high volume of applications, only shortlisted candidates will be notified.
